Ranking flows from sampled traffic

C. Barakat, INRIA Sophia Antipolis (joint work with G. Iannaccone and C. Diot)


Inverting flow properties from sampled traffic is known to be complex and prone to errors. Previous work has mainly focused on inverting general traffic properties such as flow size distribution, average flow size, or total number of flows. In this work, we study the feasibility of inverting individual flow properties. We address this problem by analyzing the detection and ranking of the largest flows from sampled traffic. Surprisingly, our analytical study indicates that a high sampling rate (10% or even more) is required. To reduce the sampling rate by an order of magnitude, the ranking must be limited to just a few large flows, or the traffic must consist of several million flows. The sampling rate can also be reduced if one is not interested in the relative sizes of the largest flows but only aims to detect them. We verify our analytical result with trace-driven sampling simulations.